
How Would ISP know when customers are compromised?

Hello, I am currently a student at Birmingham City University, studying Networks and Security, and part of my project asks me to research the topic of ISPs. I was asked to look on forums as part of my research, seeking professional advice from users who may know about this certain topic.

One of the given questions is:
- How would an ISP know when customers are compromised (viruses, malware, adware) and what can / should they do to prevent this?

Can anyone please help me?
Any information would be great, thank you! :D
RAMZI - BCU
 
I'll have a go at this.. perhaps some ISPs can also chip in and provide more clarity.

The ISP cannot know.

The ISP may suspect: if the traffic passing back and forth to the customer is subjected to what I think is called "deep packet inspection" to look for tell-tale signs of certain malware - for example, a network administrator might be able to see traffic going to a particular server on a regular basis - that traffic being generated by a Trojan on one of the computers. A network administrator of half a dozen computers in a building might spot this, but at an ISP level, it's the proverbial needle in a haystack.

A sudden uptick in traffic on a particular connection might indicate malware, but it probably doesn't, in the same way that card issuers implement "anti fraud blocking" on debit and credit cards by using an algorithm to look for suspicious patterns of card usage but it is not a precise test and can and does create false positives.

That's analysing maybe a dozen or fewer transactions a day per card.

That pales into insignificance compared with the resource required to analyse every packet for every customer on an ISP network.

ISPs do not do this level of packet inspection. The most similar type of mass spying like this was called Phorm (Google it) and was introduced by BT and then withdrawn in the face of public fury as far as we know.

This is much more the realm of GCHQ.
 
Microsoft once liked the idea of banning infected computers from their broadband..

http://www.ispreview.co.uk/story/20...n-malware-infected-pcs-from-the-internet.html

..then it realised this approach had many problems:

http://www.ispreview.co.uk/story/20...n-malware-infected-pcs-from-the-internet.html

So, much as DTMark says, an ISP struggles at the first hurdle with being able to identify what is actually happening on the customer’s connection. Some providers, such as those that offer email services with anti-virus filters, might be able to spot certain types of problems by looking at outgoing infection statistics but many consumer ISPs don't even do their own email anymore.
 
Thank you for your reply! :)
@DTMark .. As you have said, the ISPs cannot really pick up on compromised customers. I have researched a lot on the internet, however some criteria are put into place like DPI, but then again not very beneficial on a large scale :(
 
@MarkJ

Thanks for your reply :) Really interesting how Microsoft introduced the idea of banning then retracting from doing so, I shall be researching this topic more! Thank you
 
You might also like to give Virgin Media a bell and ask them about how they approach this problem as they've got some good past experiences with tackling it. However it might also be difficult to find somebody to talk with that has the right knowledge.
 
I got a call back in 2001 from my ISP Telewest (now Virgin Media) claiming I had a PC that was infected with the NIMDA worm and as a result they had put a block on my line. I explained to the guy on the phone that I was not a PC novice and had AV software and that it was very unlikely. He took a bit of convincing and after talking me through some tests on my PC lifted the block.

After hanging up I remembered I had Googled some unusual log entries on my web hosting account a few days earlier. The results from Google had suggested an attempt to infect my web site with NIMDA. So although I have no proof to be 100% sure, it appeared that my ISP was monitoring what I was searching for and that somehow triggered an alert. I'm still with the same ISP and have never had anything like this since. I'd like to think they are being a bit smarter these days.
 

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved